I'm trying to figure out the best method for setting up DNS servers for Windows 11 clients based on their location. Specifically, I want to configure it so that:
1. When connected to our local network, they use DNS servers A and B.
2. When they are anywhere else, they switch to DNS servers C and D.
Is there a proven way to achieve this?
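One way to do the location-based switch on the client itself, as an added example (this is not code from the thread or from any product mentioned in it): a PowerShell script that decides "on network" from what Network Location Awareness reports (NetworkCategory 'DomainAuthenticated', which assumes a domain-joined client) or, as a second signal, from an address in the 10.0.0.0/24 subnet mentioned later in the thread, then applies the matching resolver pair. The resolver addresses, the subnet and the probe name are assumptions; replace them with your real A/B and C/D.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original thread. Assumptions:
#  - the client is domain-joined, so NLA reports NetworkCategory 'DomainAuthenticated'
#    on the corporate LAN; as a second signal we also check for an address in 10.0.0.0/24
#  - the resolver addresses below are placeholders (A/B in 10.0.0.0/24, C/D in RFC 5737 ranges)
#  - run elevated: Set-DnsClientServerAddress requires administrator rights

$OnNetDns    = @('10.0.0.2', '10.0.0.3')          # servers A and B (assumed addresses)
$OffNetDns   = @('192.0.2.53', '198.51.100.53')   # servers C and D (placeholder addresses)
$LocalSubnet = '10.0.0.0/24'                      # assumed corporate subnet
$ProbeName   = 'www.example.com'                  # any name every resolver should answer

function Test-IPv4InSubnet {
    # Octet-by-octet comparison under the prefix mask; avoids 32-bit integer juggling.
    param([string]$Address, [string]$Cidr)
    $net, $prefix = $Cidr.Split('/')
    $a = ([ipaddress]$Address).GetAddressBytes()
    $n = ([ipaddress]$net).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        # number of mask bits that fall in this octet: 8, 0, or a partial count
        $bits = [math]::Min(8, [math]::Max(0, [int]$prefix - 8 * $i))
        $mask = (0xFF -shl (8 - $bits)) -band 0xFF
        if (($a[$i] -band $mask) -ne ($n[$i] -band $mask)) { return $false }
    }
    return $true
}

function Get-DesiredDnsServers {
    # Pure decision function: given what NLA reports and the interface's IPv4
    # addresses, return the resolver pair that should be applied.
    param([string]$NetworkCategory, [string[]]$IPv4Addresses)
    $inSubnet = @($IPv4Addresses | Where-Object { Test-IPv4InSubnet $_ $LocalSubnet }).Count -gt 0
    $onNet = ($NetworkCategory -eq 'DomainAuthenticated') -or $inSubnet
    if ($onNet) { return $OnNetDns } else { return $OffNetDns }
}

function Test-Resolver {
    # $true when the resolver answers a plain (uncached) query for $ProbeName.
    param([string]$Server)
    try {
        $null = Resolve-DnsName -Name $ProbeName -Server $Server -DnsOnly -QuickTimeout -ErrorAction Stop
        return $true
    } catch { return $false }
}

# Pick the interface that currently carries IPv4 Internet connectivity.
$conn = Get-NetConnectionProfile |
    Where-Object { $_.IPv4Connectivity -eq 'Internet' } |
    Select-Object -First 1
if (-not $conn) {
    Write-Warning 'No interface with IPv4 Internet connectivity; leaving DNS unchanged.'
    return
}

$addrs   = (Get-NetIPAddress -InterfaceIndex $conn.InterfaceIndex -AddressFamily IPv4).IPAddress
$servers = Get-DesiredDnsServers -NetworkCategory $conn.NetworkCategory -IPv4Addresses $addrs

# Warn, but deliberately do not fall back to DHCP-assigned resolvers, when the chosen
# pair does not answer from here: the failure mode is "no DNS", not "someone else's DNS".
$dead = @($servers | Where-Object { -not (Test-Resolver $_) })
if ($dead.Count -gt 0) {
    Write-Warning "Resolver(s) $($dead -join ', ') did not answer from this network."
}

Set-DnsClientServerAddress -InterfaceIndex $conn.InterfaceIndex -ServerAddresses $servers
Clear-DnsClientCache
Write-Output "Interface $($conn.InterfaceAlias) ($($conn.NetworkCategory)): DNS set to $($servers -join ', ')"
```

To make it follow the machine around, run it from a scheduled task that triggers on event ID 10000 (network connected) in the Microsoft-Windows-NetworkProfile/Operational log, so it is re-evaluated on every network change. Note that Set-DnsClientServerAddress makes the resolvers static on that interface, which is exactly what prevents a foreign DHCP server from handing out its own resolvers, but it also means a client whose chosen pair is unreachable simply has no DNS until the script runs again on a network where they are.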
5 Answers
Honestly, I wouldn't call it reliable. For the 'ANYWHERE else' scenario, you can't always be sure if the current network allows access to DNS servers C and D. If not, your clients might end up without an internet connection, and fixing it remotely could be a real hassle.
One great option is to implement an Always On VPN. When users are on the local network, their connection will use local DNS. When they leave the network, the VPN can connect and enforce your preferred DNS settings.
Absolutely! Services like Cloudflare Warp or Palo Alto GlobalProtect are solid choices that can handle this. At my workplace, we use GlobalProtect and it smoothly manages DNS server configurations along with filtering through Cisco Umbrella.
Whose DNS servers are you planning to utilize? Are they under your control or are they from a service provider? More details would help here.
On our network, we'll be using a private DNS (10.0.0.0/24), and off-network, we'll reach for Akamai DNS that includes filtering for kids. The private DNS will also forward requests to Akamai.
Before diving in, what's the reason behind wanting this DNS setup? Sometimes it's important to clarify the motivation.
It's mainly due to regulatory requirements.
Have you considered using firewall rules? However, keep in mind that this would impact all devices, not just Windows clients.

We're okay with that. If the network doesn't allow it, we'd prefer it to not function than to accidentally use a third-party DNS.
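The firewall idea above can also be done on the Windows hosts themselves, which then covers the off-network case as well. Here is an added example (not code from the thread) that pins DNS egress per Windows Firewall profile: the Domain profile, active when NLA authenticates to the domain, i.e. on the corporate LAN, may only reach A and B; the Private and Public profiles may only reach C and D. It assumes domain-joined clients and uses placeholder resolver addresses. One detail that matters: Windows Firewall evaluates Block rules before Allow rules, so a blanket "block port 53" rule would also defeat an Allow for the approved resolvers; the block rule therefore lists every address range except the approved resolvers as its RemoteAddress, and the helper below computes that complement.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original thread. Assumptions:
#  - domain-joined clients, so the Domain firewall profile means "on our network"
#  - the resolver addresses are placeholders (A/B in 10.0.0.0/24, C/D in RFC 5737 ranges)
#  - Windows runs on little-endian hosts, which the byte-order conversions below rely on
# Block rules take precedence over Allow rules in Windows Firewall, so instead of
# "block 53 + allow A/B" the block rule's RemoteAddress is everything EXCEPT A/B.

$OnNetDns  = @('10.0.0.2', '10.0.0.3')          # servers A and B (assumed addresses)
$OffNetDns = @('192.0.2.53', '198.51.100.53')   # servers C and D (placeholder addresses)
$RuleGroup = 'DNS pinning (added example)'      # lets us find and replace our own rules
$MaxIPv4   = [int64]4294967295                  # 255.255.255.255

function ConvertTo-IPv4Number ([string]$Ip) {
    $b = ([ipaddress]$Ip).GetAddressBytes()     # network (big-endian) order
    [Array]::Reverse($b)                         # BitConverter expects host order
    return [int64][BitConverter]::ToUInt32($b, 0)
}

function ConvertFrom-IPv4Number ([int64]$N) {
    $b = [BitConverter]::GetBytes([uint32]$N)
    [Array]::Reverse($b)
    return ([ipaddress][byte[]]$b).IPAddressToString
}

function Get-ExcludedRanges {
    # Complement of $Allowed over 0.0.0.0-255.255.255.255, as "start-end" strings,
    # which is one of the forms New-NetFirewallRule -RemoteAddress accepts.
    param([string[]]$Allowed)
    $sorted = @($Allowed | ForEach-Object { ConvertTo-IPv4Number $_ } | Sort-Object -Unique)
    $ranges = @()
    [int64]$next = 0                              # first address not yet covered
    foreach ($a in $sorted) {
        if ($a -gt $next) {
            $ranges += '{0}-{1}' -f (ConvertFrom-IPv4Number $next), (ConvertFrom-IPv4Number ($a - 1))
        }
        $next = $a + 1
    }
    if ($next -le $MaxIPv4) {
        $ranges += '{0}-{1}' -f (ConvertFrom-IPv4Number $next), (ConvertFrom-IPv4Number $MaxIPv4)
    }
    return $ranges
}

function Set-DnsEgressPin {
    # One outbound Block rule per transport, scoped to the given firewall profiles,
    # covering every destination except the approved resolvers.
    param([string[]]$Profiles, [string[]]$Resolvers)
    $excluded = Get-ExcludedRanges $Resolvers
    foreach ($proto in 'UDP', 'TCP') {
        $null = New-NetFirewallRule `
            -DisplayName "DNS pin ($($Profiles -join '/'), $proto)" -Group $RuleGroup `
            -Direction Outbound -Profile $Profiles -Protocol $proto -RemotePort 53 `
            -RemoteAddress $excluded -Action Block
    }
}

# Idempotent: drop rules from a previous run, then recreate them.
Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue | Remove-NetFirewallRule
Set-DnsEgressPin -Profiles 'Domain'            -Resolvers $OnNetDns
Set-DnsEgressPin -Profiles 'Private', 'Public' -Resolvers $OffNetDns

# Show what the Domain-profile rule carries; for the addresses above this is
# 0.0.0.0-10.0.0.1 and 10.0.0.4-255.255.255.255.
Get-ExcludedRanges $OnNetDns
```

Two caveats a practitioner would want. First, this matches the preference stated above: on a network where the approved pair is unreachable, name resolution simply fails rather than leaking to whatever resolver that network offers. Second, these rules only cover classic DNS on port 53; Windows 11 can also speak DNS over HTTPS on port 443, so DoH must be disabled or constrained separately (by policy) or it will bypass the pin entirely.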